Solved: Source & Dest NAT

mkannan_29 · ‎04-19-2012

Dear Experts,

Need your assistance to achieve the below requirement.

We are having the MPLS link and BGP has been configured as IGP to connect the remote host.

I am connecting a remote host from my PC and doing the NAT in the router at my end. As there is no NAT allowed in the remote router.

Source IP : 192.168.100.105 to be NAT as 10.116.25.105

I am doing telnet from my pc to the remote host as below

Destination IP : 10.116.28.106 :1234 to be NAT as 192.168.101.106

Actual traffic

192.168.100.105 (10.116.25.105) --> telnet 192.168.101.106:1234 (10.116.28.106:1234)

NAT traffic

(192.168.100.105) 10.116.25.105 --> telnet (192.168.101.106:1234) 10.116.28.106:1234

The required route has been configured.

I have tested the connectivity by doing the source nat as below and successfully connected the remote host

ip nat inside source static 192.168.100.105 10.116.25.105

doing telnet from my host as telnet 10.116.28.106 : 1234

I am unable to do the nat for the destination IP and request your advice on the same.

regards,

M.K

Dan-Ciprian Cicioiu · ‎04-19-2012

Inside Source IP : 192.168.100.105 to be NAT as 10.116.25.105

Outside Destination IP : 10.116.28.106 :1234 to be NAT as 192.168.101.106

In order to ease the explanation I will name the phisical interfaces INSIDE and OUTSIDE

int

ip nat inside

int

ip nat outside

ip nat inside source static 192.168.100.105 10.116.25.105

ip nat outside source static 10.116.28.106 192.168.101.106

ip route 192.168.101.106 255.255.255.255 OUTSIDE

When a packet is received on the INSIDE interface before NATing the router will check the routing table.

Beside this,

your internal LAN should route 192.168.101.106 toward Inside interface of this equipment

external network should route 10.116.28.106 toward Outside interface of this equipment

Dan

View solution in original post

Dan-Ciprian Cicioiu · ‎04-19-2012

Hi ,

Could you provide show ip route from your equipment ?

Dan

mkannan_29 · ‎04-19-2012

please find the route configured in the device

ip route 10.116.25.105 255.255.255.255 Null0

ip route 192.168.100.105 255.255.255.255 192.168.106.101

192.168.106.101 --> g/w (L3 device)

192.168.106.102 --> LAN IP of the router

Dan-Ciprian Cicioiu · ‎04-19-2012

Can you try :

ip route 192.168.101.106 255.255.255.255

ip nat outside source static 10.116.28.106 192.168.101.106

Also I do not think that you need :

ip route 192.168.100.105 255.255.255.255 192.168.106.101

The thing is the when the packet hits the ïp nat inside interface it will do first routing and then NAT, thats why you need the static route.

What about the 10.116.28.106 prefix ? It is not present in the rt ?

Dan

mkannan_29 · ‎04-19-2012

Dan,

request you to provide the information in detail. I am not getting it clearly.

Dan-Ciprian Cicioiu · ‎04-19-2012

Inside Source IP : 192.168.100.105 to be NAT as 10.116.25.105

Outside Destination IP : 10.116.28.106 :1234 to be NAT as 192.168.101.106

In order to ease the explanation I will name the phisical interfaces INSIDE and OUTSIDE

int

ip nat inside

int

ip nat outside

ip nat inside source static 192.168.100.105 10.116.25.105

ip nat outside source static 10.116.28.106 192.168.101.106

ip route 192.168.101.106 255.255.255.255 OUTSIDE

When a packet is received on the INSIDE interface before NATing the router will check the routing table.

Beside this,

your internal LAN should route 192.168.101.106 toward Inside interface of this equipment

external network should route 10.116.28.106 toward Outside interface of this equipment

Dan

mkannan_29 · ‎04-28-2012

Hi Dan,

Thanks for the detailed information. Last week completed the configuration successfully.

Thanks for your support on the same.

Also request your help to configure different type of NATs in CISCO ASA Firewall.

Regards,

M.K

Dan-Ciprian Cicioiu · ‎04-28-2012

My pleasure , MK.

If you have an issue with ASA's NAT, or anyother issue do not hesitate to post it.

Dan